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information security leader training program hosted by KITRI(Korea information Technology 
Research Institute). He, in BoB, conducted a project to analyze vulnerabilities in embedded 
devices such as routers, IP cameras, Smart home, and SCADA. Also, he presented the project 
results at POC(Power Of Community) 2015 on the subject of "What if Fire Sale occurs in 
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The History of Digital Forensics on Smart TV 
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"That Time Cops Searched A Samsung Smart TV For Evidence Of Child Abuse" 
- US Forbes magazine in 2017. 


Tt occurred in June 2016, when San Diego officers working for the Homeland 

Security Investigations (HST) unit sought information from the Samsung smar) 

‘TV of Mikhail Feldman, a man previously convicted for possession of "images. 
explicit. 


“рг төө oce also found several ems of contraband and evidence of 


a Samsung Smart Television (with internet access), Model: UNA6POSSOAF, 


7" ||conduct violating the terms of Feldman's supervised release. These items = 


[Serial No: Z6PRICVDAOSSISD; å Toshiba Satellite laptop, Model: PSAFGU- 


‘A it appears to be the first ever published warrant for a smart TV 
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Related works on Smart TV Forensics 


Бра Further Analysis on Smart ТУ Forensics; 
Park, Minsu, et al. the Journal of internet Technology „ДЮ accepted for 


[1] "Smart TV forensics: Digital traces on televisions; 
Bortas, Abdul, et al. Digital Investigation 


[2] "A forensic overview of the LG Smart TV," 
Sutherland, lain, et al. Australian Digital Forensics Conference 


13) "study on Smart TV Forensics; БУТ 
Kang, Heesoo, et al, KIISC* 


201406, 
141 "Forensic analysis of smart TV: A current issue and call to arms,” 


aisi Sutherland, lain, et al., Digital Investigation 


15] “A Review of Smart TV Forensics: Present state & Future Challenges,” 
Al Falayleh, Mousa. DIPECC 2013 


FRIISE Korea institute of information Security & Cryptology 
KOREA 


UNIVERSITY. 


The History of Digital Forensics on Smart TV 


Related works on Smart TV Forensics 


«mE Б Ana on mat Tees 
enes park, Minsu, et al. the Journal of Internet Technology cepted for 


РО iit "sare Tv forensics gna racer om elevs 
"UCTONCS  Boztas, Abdul, et al. Digital Investigation 


[21 "A forensic overview of the LG Smart TV, 
Sutherland, lain, et al. Australian Digital Forensics Conference 


3] "Study on Smart ТУ Forensics УЛДА «279 


Kang, Heesoo, et al. KIISC* 


[4] "Forensic analysis of smart TV: A current issue and call to arms,” 
Sutherland, lain, et al. Digital Investigation 


gu» ØP 


2013. 
151 “А Review of Smart TV Forensics: Present state & Future Challenges,” 
Al Falayleh, Mousa. DIPECC 2013 


FRIST Korea institute of information Security & Cryptology 
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The History of Digital Forensics on Smart TV 
e —— ——;  — Oo 


2013. 10. 2014.06. 2014. 10. 2014. 12. 2015.00, (accepted for 
IS]M.ALFalayeh [4] |, Sutherland [3] H.S.Kang [2] Sutherland [1]A.Bortas Mealy 
MS Park 


[5] “A Review of Smart TV Forensics: Present state & Future Challenges,” 


Al Falayleh, Mousa., DIPECC 2013 
(1) Digital evidences on the Smart TV (2) Challenges facing the Smart TV forensics 
Current, Smart TV is continuously developed 


ecu 


[4] "Forensic analysis of smart TV: A current issue and call to arms,” 
Sutherland, lain, et al., Digital Investigation 
cquisition method on the Smart TV 1. Relevant digital clues 


шр 
ия ф ierant tor boa 
soldered storage device 4. The need for specialist knowledge or equipment 
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2013. 10. 2014. 06. 201. 10. 2014.12. 2015.03. — (accepted for 
IS]M.ALFalayeh _ [4], Sutherland — [S]HS.Keng — [211.Sutheriand [1] A.Bortas publication 
2016.11) 
MS. Park 

Target Analysis Process 


Get Root 
privilege. 


- Using SW z | 
Vulnerability 
Samsung ја ах 
UNA6ES8000(2012) DE е. cx 


-» Collecting 9 User's Action Data on Features of TV & Applications 
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2013.10. 2014.06. 2014. 10. 2014.12. 2015.03. (accepted for 
IS]M.ALFalayeh [4] |. Sutherland [3] H.S.Kang  [a]lSutherland — [1]A.Bortas © publication 
2016.11) 
MS. Park 


Analysis Process 


Setting Menu & 
Applications. 
Menu 


4215707-28(2012) SSLA740V(2013) 


-» Collecting 10 User's Action Data on TV & Applications Menu 
(e.g. Recent History : My Apps -» Home -> Recent) 
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The History of Digital Forensics on Smart TV 


2013. 10. 2014.06. 2014. 10. 2014.12. 2015.03. (accepted for 
[5] М. Al. Falayleh — [4] |. Sutherland — [3]H.S.Kang (21 Sutherland — [1]A.Boztas ^ publication 
2016.11) 
MS, Park 
Target Analysis Process 
Failure 
UE 
Samsung EM ES ER 
UEAOF7O00SLXKN(2013) Using SW 
Vulnerability 
on Smart TV 


-> Collecting about 8 User's Action Data on Features of TV & Applications 
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SANE SANE 


2013.10. 2014.06. 2014. 10. accepted for 
IS]M.ALFalayeh [4] 1. Sutherland — [3] H.S. Kang publication, 
2016.11) 


MSS. Park 
Target Compare with the previous studies 
Tage 
ш ы ad 
‘Samsung 
'UN46ES8000(2012) 2014. 12. 2015. 03. 
[21 . sutherland ША. Bortas 
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Samsung Smart TV 


MAI Falayleh 


TV Forensics Concepts. 


[5] 


2013 


1 Sutherland 


2014 


A Bortas. 
[t] 


2016 


Australian digital 


DiPtCC 2013 == confer | | 952" Dighalinvesigition С 
Гэгээ 
—À E ки m 
T = sove алми 
йн | vunersbilty | vulnerability Volnerablty 
” (1-day vuln) (1-day vuln) (1-day vuln) 


functionsconfig 


1) Disk Imaging 
ОЧ 


кз guessed in the 
same way as us) 


(1) Disk imaging 


*KUSC: Korea Institute of Information Security & Cryptology 
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Smart TV Hacking 


1G Smart TV 


Hack In Paris 2017 
"Are you watching ТУ now? Is It real?: Hacking of smart TV with O-day" 


The History of Digital Forensics on Smart 


Smart TV Hacking 
Samsung Smart TV 


Black Hat USA 2013 
У "Hacking, Surveilling, and deceiving victims on Smart ТУ” Y "The Outer Limits: Hacking A Smart TV" 


Online community on the Samsung TV Firmware | E 
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Common Criteria on the Smart TV 


LG Smart TV LG Smart TV 
Study а PP(Protection Profile) for Smart TV How to obtain CC Certification of Smart TV 
(2014) (2017) 
Bl 
Developing a PP for Smart TV. iw Obi Common Cites Сонни 


Smart TV for Home IoT Security and Reliability 
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of Digital Forensics on Si 


Common Criteria on the Smart TV 


LG Smart TV Samsung Smart TV 
LG Smart TV Application Security Solution Samsung Smart TV Security Solution. 


(received СС EAL2 certification) (received CC EALI certification) 
шанхын Samsung Smart TV Security Soliton Vi 0 


Certificate Qs ий 


LG webOS 3.0 Smart TV Forensics 
- Data Acquisition 
- File System & Data Analysis 
- Collect LG Smart TV's digital evidences 
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G webOS 3 


Target mart 


- Model : 43UH6810 
- OS : webOS 3.0 
- Firmware : 4.30.85 (17.04.19) 


(Latest version is updated 
0n 17.10.28) 


Target 


What is webOS? 


@LG 


+ WebOS is a mobile operating system acquired by HP for use in various products 
manufactured by LG. 


* LG announces products that use webOS at CES every year. 


Currently, Smart TV, SmartWatch(Urbane), and Refrigerator produced in LG have used the 
webos. 
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LG webOS 3.0 Smart TV Forensics 
- Data Acquisition 
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Data Acq п 


Invasive Physical Data Acquisition 
- But, Smart TV uses soldered storage devices & Disable JTAG, UART port 


> laborious work 


(in general, Smart TV's cost over $1000.) 


=> Data Acquisition through application vulnerabilities 
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Data Acqu n 


Using application vulnerability to acquire data 


Obtain accessible 
privilege to filesystem 


“ Unknown Vulnerabilities (0-day) — Known Vulnerabilities (1-day) 


emn а, | OE ИШ 


sm HD Nw А 
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Data Acquisition 
Hack In Paris 2017 — LG webOS Smart TV's 0-day 


"Are you watching TV now? Is It real?: Hacking of smart TV with 0-day" 


* webOS emulator for developers 
1) Connect to TV's SSH services 
2) Remote app installation on TV 
3) Remote app execution 
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Connection to TV through SSH 


|SANGMINui-MacBook-Pro:- smli 
|SANGMINui-MacBook-Pro:- sali 


mull$ export PATHeSWEBOS CLI TV:SPATH 
mull$ ares-novacom -d tvi -r "sh" 


1) gid=5000 groupss29(audio),44(video), S05 (compositor), 509(se) ,777(c 
[rasha 

|1s -al 

[total 40 

|агихгихгих 4 4896 Nov 

|dr-xr-xr-x — 5 Jul 

|drwxrwkrwk 2 develope Oct 

drwkwxrwk З root Oct 

Drwxrwxrwx 1 prisoner Nov 7 backpipe 

-rwkrwxrwk 1 prisoner Oct 31 14:22 cmd 

-Irwkrwxrwk | 1 5839 Oct 31 14:13 jail app.conf 

-rwxrwxrex | 1 5839 Oct 31 14:13 jail app.conf.sig 
lrwkrwxrwk 1 root Oct 31 14:13 log -> /tmp/developer/log 
mount 


mount | wc -1 
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Data Acquisition 


Obtain root privilege with Command Injection 


48736) 


777 crashd) 


gid=0(root) groups=0(root) 
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Data Acqui 


оп 


How can achieve the integrity of original data when 
data is acquired via rooting? 


e.g. Smartphone's Digital Forensics 
Partition 


Partitions that achieve integrity | [pie => Partitions affected by the vulnerability 


Available as digital evidences 
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How can achieve the integrity of original data when 
data is acquired via rooting? 


e.g. Smartphone's Digital Forensics 
Partition 


Available as digital evidences 
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оп 


How can achieve the integrity of original data when 
data is acquired via rooting? 


e.g. Smartphone's Digital Forensics 
Partition 


Partitions that achieve integrity == Partitions affected by the vulnerability 


Available as digital evidences 
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How can achieve the integrity of original data when 
data is acquired via rooting? 


In case of Smart TV, 


(D The use of partitions is ambiguous. Therefore, the vulnerability affects most partitions. 
(It is corresponding to not only our study but also existing studies) 


@ Integrity can be considered on a folder-by-folder basis, not a partition. 


So, I think... 


as in the case of the United States, there will be a social debate on using a vulnerability to. 
acquire original data against smart TV оз the need for smart TV forensics increases. 


[That Time Cops Searched A Samsung Smart TV For] 
Evidence Of Child Abuse 
l00000 


KOREA 


UNIVERSITY 


LG webOS 3.0 Smart TV Forensics 


- File System & Data Analysis 
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Data Analysis — File Syste 


INK uu 
Idev/mmebikopso 
Tale» eat 
Лоте. СП 
Imam data d 
Tnte lasama сай 
11121712 өн 
majo Wash сай 
Jåev/mmebinopsa [тч сае сай 
ет асквеЛиоввае СШ 
Tnt/ia/eache/webbrowier Cu 
Cu 
[vat /palm/jal/com webos app browser /var una/references 
n - Vors (read опу) 
Tar oain iai com webos app browser mn el ache webbrowser са 
in jai/com mebos.app. browser /emn/gJemn, data/admanager/eaehe мм 
‘ale bo ser /mnt/ig/emn datafadmanagerj M 
1121721::11 mu 
I8ev/mmebikops2 | леда: СЛ 
Tar palm Fl com webos app browser media internal ud 
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Data Analysis 


Process of Data Analysis 


Other function tests OR The function re-tests 


Collect 
User's Action 


Data 
‘Acquisition 
в 


Functions 
Testing 


File System 
Analysis 


© g © © © 


(1) Connect to ssh of TV with root perm 


(2) Upload таре ру scripts through tftp & execute 


LG Smart TV (4) Sending Image file 
занал) E $ rm -/usb/sda/sd31/" 


Analysis Computer 
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Example) Steps © ~ @ - Disk Imaging & Testing 


@ Pre-Imaging @ Functions Testing @ Post-Imaging 


14030088 


Data Analysis 


Example) Step © - Compare Pre-Image with Post-Image (diffing) 
(1) $ diff -rNd ~/pre_image */post image 
(2) Using Beyond Compare, Windump to binary diffing 


Data Analysis 


Example) Step © - Compare Pre-Image with Post-Image (diffing) 
(1) $ diff -rNd ~/pre_image "/post image 
(2) Using Beyond Compare, WinHex to binary diffing 


11/01 sk. Imaging/before/smcb1k0p51/var/com.webos service ein. setting. cache. nds 
ing/af ter /ввсв189051/ var /cos webos. service.eim setting, сасна 08 


Plain Text File 


and /home 


Binary File 
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Example) Step © - Compare Pre-Image with Post-Image (diffing) 
(1) $ diff -rNd ~/рге image ”/post image 
(2) Using Beyond Compare, WinHex to binary diffing 
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- Collect LG Smart TV's digital evidences 
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Collect LG Smart TV's digital evidences 


12 User's Actions (First check : 18 July 2017, Last check : 14 Oct 2017) 


rs A 
1 Last TV On time. [mmcblkOpSO/vardb/main/LOG. 


/mmcblkOpS1/epg/db/PBS OFF. DB. 0 å.db 
[mmcblkOpS 1/epg/tuner favorite, move index.txt 


3 | External Storage Usage History | /mmebikOpS2/eryptots/data/db8/mediadb/media/*.Jog 


2 TV Channel List 


4 TV ON/OFF Reservation. mmeblkOps1/var/lunafpreferences/tin — 
Е Hardware Connection. [mmcblkOpS1/var/lib/webappmanager3/Localtorage/file com webos.ap 
Information. p.inputmgr. O-localstorage. 
6 Installed App Information — | /mmcblkOp52/cryptofs/apps/usr/ib/opke/status 
Internet History [mmcblkOpS1/webbrowser/chrome/Default/Bookmarks, Prefer", History 


8 | Recently Service Usage History | /mmcblkopS2/cryptofs/data/db8/mediadb/media/* log. 


8 App Install History [mmcblkOpS1/varluna/data/downloadhistory.db. 
10| Checking Captured image — |/mmcbIkOpS2/captureTV 

ie icing brant /mmebikOp5 1/var/lib/webappmanager3/LocalStorage/https_krigrecomm 
n Hs rt эруорэнд ends.lgappstv.com_O.localstorage 
12| connected Wifi infomation _ | /mmeblkopS1/var/ib/connman/* 
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Collect LG Smart TV's digital evidences 


12 User's Actions (First check : 18 July 2017, Last check : 14 Oct 2017) 


П r's Action 
1 Last IV On time /mmcblkOpSO/vardb/main/tOG. 
3 VES E [mmcblkOpS 1/epg/db/PBS OFF DB 0. 4.45. 


/mmeblk0p51/epg/tuner, favorite, move index.txt 


з | External Storage Usage History | /mmeblkOpS2/eryptofs/data/db8/mediadb/media/*.log 


å | — TVON/OFFReservation — [/mmeblkOpsi/var/una/preferences/time — ~ 

5 Hardware Connection /mmcbikOpS1/var/lib/webappmanager3/LocalStorage/file com webos.ap. 

ы Information p.inputmgr, O-ocalstorage. 

6 installed App information | /mmcbikOpS2/cryptofs/apps/usr/Ib/opkg/status. 

7 Internet History [mmcblkOpS1/webbrowser/chrome/Default/Bookmarks, Prefer”, History 

8 | Recently Service Usage History | /mmeblkopS2/cryptofs/data/db8/mediadb/media/*.Jog 

8 App Install History mmeblkOp51/var/luna/data/downloadhistory.db 

10| Checking Captured image — |/mmebikops2/eaptureTV 
/mmcblkOpS1/var/lib/webappmanageri/LocalStorage/Mttps, krlgrecomm 

Es панири ends.lgappstv.com_O.localstorage 

12| connected Wifi infomation _ | /mmebik0p51/var/ib/connman/* 
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r's Action 
1 last TV On time [mmcblkpSO/vardb/main/L0G 
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Collect LG Smart TV's digital evidences 


3 External Storage History | /mmcbikopS2/cryptofs/data/db8/mediadb/media/* log. 


в | Recently Service Usage History | /mmcblkopS2/eryptofs/data/db8/mediadb/media/* log. 


/tmp/usb/sda/sda1/image2. jpg н 
USB 4138453442433843(]]8 GIN 

com.» vice. cbox. image: ЦИ! 22720 
KJENAWÄSaF заиватв SEN 


sdb/sdbl/PSY - ‘New Face” M-V. градивен 
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Collect Smar 


TV's digital evidences 


П User's Action. th 
3 External Storage History — | /mmcblkOpS2/cryptofs/data/db8/mediadb/media/*.log 
в | Recently Service Usage History | /mmeblkopS2/eryptofs/data/db8/mediadb/media/* log 


/tmp/usb/sda/sdal/image2. јр +818 File’ Name that exists 
on the external storage 


USB 41384534424: Toman 


webos .service.cbox. image: ЦЕ анч азе р c Ve 


tmp/usb/sdb/sd 


Mass Stor | 
эээ S = [0x41, 0x38, 0x45, @x34, 0х42, 0x43, 0x38, Өх431| ЯВ: 046387 
>>> ''.join(map(chr,S)) завио: сви theo 


"АВЕДВСЕС:. USB Serial Number 


SERRA 


Check Serial Number on my Mac 
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User's Action. 
3 External Storage History | /mmcblkOpS2/cryptofs/data/db8/mediadb/media/* log 


в | Recently Service Usage History | /mmcblkopS2/cryptofs/data/db8/mediadb/media/* log. 


Veon.mebos pp. connectionwizard?i?| eHi/usr/palm/applications/com.webos.app.connectiomdzard/ | 


assets, jeviceconnector_splash-pngKiwL2tAayzc | 


Vcom. webos app .nusic®&/usr/paln/ applications /con.webos .app.music/assets/hd1080/ 
ante РТ ЕН КНС Оаро? 

усот.новоз. app. schedulers! HM/usr/palm/spplications/com.webos.spp.scheduler/assets/sys= 
"Sete RETOUR 22100161 эрТзэл pngkLm.21BOKeV? 


dine) ША. 24/usr /palm/applications/com.nebos.app.tvauide/assete/sys-assete/ | 


101080 
tvguide splash. pnoktwL2FAS2KIKLWL2FAS2KIKLML2FASYZEKLUL2FAUGPOKLVL2FBOK+VICOM.MObos.Launcher.r | 


acentsitons:l 


DEVICE CONNECTOR |Tv SCHEDULER 
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Compare LG with Samsung Smart TV's Digital Evidences 


LG Smart TV Samsung Smart TV 
Our research H.S.Kang [3] A.Boztas [1] 
Issue Year 2014 2014 2015 
Published possc KUSC* Digital Investigation 
Target 43UH6810 MASSER UN46ES8000 UE40F7000SLXXN 
SSLA740V 
2016 2012, 2013 2012 2013 
webOS 3.0 webos 2.0 Proprietary OS Proprietary OS 
Data Software en Software Software 
Acquistion Vulnerability Be. Vulnerabilty | Winerabily 
Method (1-day vuln) Бана (1-day ушп) (1-day vuln) 
ta Analysis (1) Disk imaging ng any TVs (1) Disk Imaging (15 guessed in the 
Man (2) Diffing сина (2) Diffin same way as us) 
Procedure. d menu, app info) в y 


“Кис: Korea Institute of Information Security & Cryptology 
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Compare LG with Samsung Smart TV's Digital Evidences 


LG Smart TV Samsung Smart TV 
Our research H.S.Kang [3] A.Bortas [1] 


Issue Year 2014 2015 


Published кизс* Digital Investigation 


Target m UNAGES8OOD | utor]onosuom 
2016 2012 2013 
webOS 3.0 Proprietary OS Proprietary OS 
Data Software Software 
Acquistion жайа eat Vulnerabiity | Vulnerabilty 
Method съ (1-day vuln) (1-day vuln) 
Baal (1) Disk imaging (1) Disk Imaging (It's guessed in the 
M (2) Diffing (2) Diffing same way as us) 


Procedure. 


“Кис: Korea Institute of Information Security & Cryptology 
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Compare LG with Samsung Smart TV's Digital Evidences 


User's Actions about features of TV 


0: Discover the user's action on the TV 
X: Not discover user's action or not exist on the TV 


User's Action 

last TV On Time о о x 

TV Channel Ust о о | о 
External Storage Usage History о о | о 


КОКЕА 


Compare LG with Samsung Smart TV's Digital Evidences 


User's Actions about applications 


iscover the user's action on the TV 
: Not discover user's action or not exist on the TV 


User's Action 


Installed App Information. о о о 
Internet History. o o о 
Recently Service Usage History. о о о 
x x 
Checking captured images o (There's no capture | (There's no capture 
func) func) 
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Compare 


User's Actions about system configuration 


О: Discover the user's action on the TV 
Х: Not discover user's action or not exist on the TV 


Connected Wifi Information. 


Compare LG with Samsung Smart TV's Digital Evidences 


User's Actions that exists for each Smart TV only 


о: Discover the user's action on the TV 
X: Not discover user's action or not exist on the TV 
RUNE Samsung Smart TV 
Аво 
ТУ ON/OFF Reservation о x x 
Hardware Connection Information o x x 
Last time app opened o x x 
App install History о x x 
Latest Watched TV Channel x о X 
Би (The no camera) g E 
Log policy configuration file x о x 
Request formation (there's no cloud | (Maybe there's no o 
те. эрр) cloud арр) 
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Conclusion 
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Conclusio 


* Data Acquisition by obtaining root privilege 
* Analyze data pre-imaging, testing, and post-Imaging 
comparisons 
* Features of TV : 5 user's actions 
* Pre-installed applications : 6 user's actions 
* System configuration : 1 user's action 


* Comparison of LG and Samsung Smart TV 
* Because physical methods are laborious, data acquisition 
in a logical way 
* The large classification of user's actions is similar 
* User's Actions have different depths 
* Physical characteristics of Smart TV, such as camera presence 
+ Similar functionalities of are implemented differently 


KOREA 


SAME 


knowledgemen 


This work was supported by Institute for Information & communications 
Technology Promotion(IITP) grant funded by the Korea government(MSIP) 
(R7117-16-0161,Anomaly detection framework for autonomous vehicles) 


SANE 


Q&A 


INIVERSITY 


Reference 


11 
SANE їг! KOREA 


Reference 


[1] Вода, Abdul, A. R. 1. Riethoven., and Mark Roeloffs. "Smart TV forensics: Digital traces on televisions Digital Investigation 12. 
(2015): 572-580. 


[2] Sutherland, lin, et "А forensic overview of the LG Smart TV." (2014) 


[3] Kang, Heesoo., Мини Park, and Seuntjoo Кит. "Study on Smart TV Forensics. Journal of the Korea Institute af Information Security 
‘ond Cryptology 24.5 (2014): 851 


14] Sutherland, lin. Ним Read., and Konstantinos Xynos. “Forensic analysis of smart TV: А current issue and call to arms." Digital 
Investigation 11.3 (2014): 175-178. 


[S] Al Falayleh, Mousa. "A review of smart tv forensic: Present state В future challenges” The International Conference on Digital 
formation Processing, E-Business and Cloud Computing (DIPECC) Society of Digital Information and Wireless Communication, 2013. 


16] "That Time Cops searched A Samsung Smart TV For Evidence Of Child Abuse’ Mtps/too /нОРУ 
[7] "LG Electronics Acquires webOS from HP to Enhance Smart TV”, https://goo.gl/BKG6GE. 

{8} Lee, Jonghoo, Mingeun Kim, "Are you Watching TV row? litres? Hack in Paris 2017, Ntpsfgo 09512] 
9] Lee, Seungjin., and Seungjoo Kim. "Hacking, surveilling and deceiving victims on smart tv." Blockhat USA (2013), 
110] Grattafiori, Aaron., and Josh Yavor. "The Outer Limits: Hacking A Smart TV.” Blackhat USA (2013). 

[11] SamyGo forum, "https://www.samygo.tv/" 

[12] Park, Мими, et al. "Developing a Protection Profile for Smart TV", ICCC 2014, https://goo.g/P7yNTv 

113) Application Security Solution V1.0 for LG webOS TVICertfeaton Report нар /вгоИрнанс 

[14] Samsung Smart TV Security Solution V1.0{Certification Report], https://goo.gl/dNgvZA- 

[15] LG webOS TV Developer, http.//webostvdeveloperlge соту 


SANE 


KOREA 


UNIVERSITY 


